Multiple vulnerabilities have been identified in Microsoft SQL Server, which could be exploited by malicious users to disclose sensitive information or gain elevated privileges.
The first issue is caused by an error in initializing memory pages during memory reallocation, which could allow an attacker with database operator privileges to access arbitrary customer data.
The second vulnerability is caused by a buffer overflow error in the convert function when handling malformed input strings, which could be exploited by authenticated attackers to execute arbitrary code with elevated privileges.
The third issue is caused by a memory corruption error when handling malformed data structures in on-disk files, which could allow authenticated attackers to execute arbitrary code with elevated privileges.
The fourth vulnerability is caused by a buffer overflow error when processing malformed insert statements, which could be exploited by authenticated attackers to execute arbitrary code with elevated privileges.
Note: In order to remotely exploit this vulnerability, an unauthenticated attacker could leverage a separate SQL injection vulnerability and then trigger the SQL Server to load a malicious MTF (Microsoft Tape Format) file from the Internet.
Credits
Vulnerabilities reported by Brett Moore (Insomnia Security) and iDefense Labs.
ChangeLog
2008-07-08 : Initial release